Yahoo quickly fixes Flickr SQL injection, remote code execution flaws

Share this article:

A security researcher identified flaws in popular photo sharing service Flickr that could result in SQL injection and remote code execution, but Yahoo acknowledged and quickly patched the problems.

The SQL injection bugs open the door for remote code execution, Ibrahim Raafat wrote in a Saturday post, explaining he was ultimately able to obtain the MYSQL root password and gain access to sensitive information contained within the Flickr database. 

Raafat originally launched Flickr to check if a vulnerability he previously reported to Yahoo had been patched, but soon discovered two Blind SQL Injection vulnerabilities and a Direct SQL Injection flaw in the Flickr Photo Books feature.

The researcher reported the vulnerabilities to Yahoo and the internet corporation patched the problems within six hours, Raafat wrote.

Share this article:

Sign up to our newsletters

More in News

Community Health Systems faces lawsuit related to data breach

The suit claims the hospital operator failed to meet security standards to protect the personal information belonging to patients.

Norwegian oil companies targeted in string of attacks

More than 300 companies are being warned to check their systems after at least 50 oil companies confirmed that their systems were attacked.

Possible payment card breach at Dairy Queen stores

Several financial institutions are reporting payment card fraud activity on credit and debit cards used at various Dairy Queen stores around the country, according to Brian Krebs.